FCCU GNU/Linux Forensic Bootable CD is a
bootable CD based on Debian-live that contains
a lot of tools suitable for computer forensic
investigations, including bash scripts. Its main
purpose is to create images of devices prior to
analysis, and it is used by the Belgian Federal
Computer Crime Unit.

The RegLookup project is devoted to direct analysis of Windows NT-based registry files. RegLookup provides command line tools, a C API, and a Python module for accessing registry data structures. The project has a focus on providing tools for digital forensic examiners (though it is useful for many purposes), and includes algorithms for retrieving deleted data structures from registry hives.

GrokEVT is a collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

fccu-docprop is a command line utility that tries
to print the properties of MS OLE files. MS OLE
files are mainly MS Office DOC and XLS files. This
software uses the libgsf library to get the
metadata. This software can be used for forensic
purposes.

tableau-parm is a small command line utility designed to interact with Tableau forensic write blockers. It performs functions similar to the Tableau Disk Monitor, except that it operates under select UNIX platforms.

A 'honeypot' is designed to detect server-side
attacks. In contrast, a 'honeyclient' is designed
to detect client-side attacks. Specifically, a
honeyclient is a dedicated host that drives
specially instrumented applications to access
remote servers to see if those servers are
behaving in a malicious manner (by compromising
the client). Honeyclients can proactively detect
exploits against client applications without known
signatures. This framework uses a client-server
model with SOAP messaging as the primary
communication method, and uses the free version of
VMware Server as a means of virtualizing the
client environment.

The Karmasphere DP language is a high-performance
non-blocking parallel language for performing data
processing. It is designed to give the user a high
degree of control over the usage of system
resources, such as how many CPU cores or how much
disk I/O time to use, without requiring the
software developer to explicitly consider these
issues in code. The implementation is a
stand-alone library that can be used in any Java
1.5 environment. It can take full advantage of
multiprocessor (SMP or NUMA) systems, and may be
scaled sideways: since the interpreter and
environment are stateless, an entire cluster of
machines may run the interpreter in parallel
without any need for synchronization.

LynxFS is a filesystem driver for LynxOS
filesystem images. It is based on FUSE. The LynxOS
filesystem appears to be very similar to BSD's
FFS. This driver may be of use to people
inspecting or debugging embedded systems.